hughobrien / zfs-remote-mirror

A detailed tutorial on setting up a remote ZFS mirror for home use.

Geli not working on rPi #6

Open hcp123 opened 7 years ago

hcp123 commented 7 years ago

Hi. I've tried following your guide, and ended up using the premade image for rPi. However I'm stuck at initializing the geli system for the external disk. Basically it just does not work.

    root@knox:~ # geli init -s 4096 -PK /tmp/knox-geli-key /dev/da0

    Metadata backup can be found in /var/backups/da0.eli and
    can be restored with the following command:

        # geli restore /var/backups/da0.eli /dev/da0

    root@knox:~ # geli attach -pk /tmp/knox-geli-key /dev/da0
    geli: Wrong key for da0.

Same thing with a simple passphrase:

> root@knox:~ # geli init  /dev/da0
> Enter new passphrase: 
> Reenter new passphrase: 
> 
> Metadata backup can be found in /var/backups/da0.eli and
> can be restored with the following command:
> 
>   # geli restore /var/backups/da0.eli /dev/da0
> 
> root@knox:~ # geli attach  /dev/da0
> Enter passphrase: 
> geli: Wrong key for da0.
> 

I found this thread from 2015 about the issue, but no verified solution, just a suggestion to recompile the eli libraries. I'll try this, but it will probably take some time.

Any other suggestions? And how did you get it working in your system?

Thanks

hcp123 commented 7 years ago

Answering my own question here. I followed this thread (forgot the link above): http://freebsd.1045724.x6.nabble.com/quot-geli-Wrong-key-quot-unable-to-attach-in-RPi-ARM-environment-td5987915.html

(Short answer, patch here: http://freebsd.1045724.x6.nabble.com/attachment/5990996/0/g_eli_key.c.patch )

Then recompile the eli shared library: (This is copy/paste from the thread mentioned above; instructions and patch are from Daisuke Aoyama.)

How to use this patch on running system:


If you don't have source tree, check out with your kernel version specified by "-r".

    # uname -v
    FreeBSD 11.0-CURRENT #0 r277169M: Wed Jan 14 22:06:07 JST 2015

    # svnlite checkout -r 277169 svn://svn.FreeBSD.org/base/head /usr/src

Apply the patch

    # cd /usr/src
    # patch < /path/to/g_eli_key.c.patch

Build the patched shared library

    # cd /usr/src/sbin/geom/class/eli
    # make && make install

Now you have the patched shared library in /lib/geom/geom_eli.so; the geli command uses this library.
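A way to confirm the rebuilt library before trusting it with the real disk, as an added example that is not part of the original thread: it repeats the init/attach round trip from the report on a swap-backed memory disk. The function name, the 32m scratch size and the temp path are assumptions.

```shell
#!/bin/sh
# Round-trip self-test for geli on a scratch memory disk (FreeBSD, run as root).
# Returns 0 if a freshly initialised provider attaches with the same key file,
# 1 if init succeeds but attach fails (the "Wrong key" symptom in this issue),
# 2 if the scratch device could not be set up at all.
geli_roundtrip_check() {
    work=$(mktemp -d /tmp/geli-selftest.XXXXXX) || return 2
    key="$work/key"
    md=""
    rc=0

    # 64 random bytes as a throwaway key file; never reuse a real key here.
    dd if=/dev/random of="$key" bs=64 count=1 2>/dev/null || rc=2

    # Swap-backed memory disk, so no real drive is touched.
    if [ "$rc" -eq 0 ]; then
        md=$(mdconfig -a -t swap -s 32m) || rc=2
    fi

    # Same flags as the failing commands in the report: key file only (-P / -p),
    # 4096-byte sectors. -B none skips the metadata backup in /var/backups.
    if [ "$rc" -eq 0 ]; then
        geli init -B none -s 4096 -P -K "$key" "/dev/$md" >/dev/null || rc=2
    fi
    if [ "$rc" -eq 0 ]; then
        if geli attach -p -k "$key" "/dev/$md"; then
            geli detach "$md.eli"
        else
            rc=1
        fi
    fi

    # Clean up the scratch device and key regardless of the outcome.
    [ -n "$md" ] && mdconfig -d -u "${md#md}"
    rm -rf "$work"
    return "$rc"
}

# Run only when asked, e.g.: sh geli-selftest.sh run
if [ "${1:-}" = "run" ]; then
    geli_roundtrip_check && echo "geli round-trip OK" || echo "geli round-trip FAILED ($?)"
fi
```

A return value of 1 on the unpatched library and 0 after `make install` shows the fix took effect without risking data on `/dev/da0`.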

hughobrien commented 7 years ago

I remember hitting something similar, but I must have forgotten to write it up.

As a short term fix, you could init the drives on another system and transfer the key material over to the rpi.

Please be aware that the pre-made image is getting a little old at this point, though as it only exposes SSH the attack surface is quite low. Also there has been a ZFS version bump (nothing special).

I'm not aware of any SSH issues resolved between the time the image was made and now, but it might be worth scanning the FreeBSD security pages / lists to be sure.

I haven't yet built a version with 11 - but if you star the repo it's something I keep meaning to get around to.

Thanks for trying it out - I'll add a section to explain your issue. Patches, etc. welcome.

All the best,

Hugh
